Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2023-26269
  • Apache » James » Version: N/A
    cpe:2.3:a:apache:james:-
  • Apache » James » Version: 2.2.0
    cpe:2.3:a:apache:james:2.2.0
  • Apache » James » Version: 3.3.0
    cpe:2.3:a:apache:james:3.3.0
  • Apache » James » Version: 3.4.0
    cpe:2.3:a:apache:james:3.4.0
  • Apache » James » Version: 3.6.1
    cpe:2.3:a:apache:james:3.6.1
  • Apache » James » Version: 3.6.2
    cpe:2.3:a:apache:james:3.6.2
  • Apache » James » Version: 3.7.0
    cpe:2.3:a:apache:james:3.7.0
  • Apache » James » Version: 3.7.3
    cpe:2.3:a:apache:james:3.7.3


Products
Pricing
Contact Us

Shodan ® - All rights reserved